Bug 445138 (CVE-2012-6052)

Summary:	<net-analyzer/wireshark-{1.6.12,1.8.4}: multiple vulnerabilities (CVE-2012-{6052,6053,6054,6055,6056,6057,6058,6059,6060,6061,6062})
Product:	Gentoo Security	Reporter:	Jeroen Roovers (RETIRED) <jer>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	netmon, pva, zerochaos
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---
Bug Depends on:	436212
Bug Blocks:

Description Jeroen Roovers (RETIRED) gentoo-dev

2012-11-29 02:40:39 UTC

http://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2012-11-29 04:27:36 UTC

wireshark-1.6.12.ebuild and wireshark-1.8.4.ebuild have been added, but I'd like to hear back from the gnutls-3 users on the blocking bug (and its blocking bugs) before going to stable.

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2012-11-29 16:55:35 UTC

Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.12
=net-analyzer/wireshark-1.8.4
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Comment 3 Agostino Sarubbo gentoo-dev

2012-11-30 11:28:30 UTC

amd64 stable

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2012-11-30 16:36:45 UTC

Stable for HPPA.

Comment 5 Agostino Sarubbo gentoo-dev

2012-12-03 20:56:51 UTC

x86 stable

Comment 6 Agostino Sarubbo gentoo-dev

2012-12-04 13:37:21 UTC

ppc stable

Comment 7 Agostino Sarubbo gentoo-dev

2012-12-04 13:37:58 UTC

ppc64 stable

Comment 8 Sean Amoss (RETIRED) gentoo-dev

2012-12-05 23:26:36 UTC

CVE-2012-{5592,5593,5594,5595,5596,5597,5598,5599,5600,5601,5602} have all been rejected in favor of new CVE's (coming in next comment).

Comment 9 GLSAMaker/CVETool Bot gentoo-dev

2012-12-05 23:27:07 UTC

CVE-2012-6062 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6062):
  The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP
  dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows
  remote attackers to cause a denial of service (infinite loop) via a crafted
  packet.

CVE-2012-6061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6061):
  The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP
  dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an
  incorrect data type for a certain length field, which allows remote
  attackers to cause a denial of service (integer overflow and infinite loop)
  via a crafted value in a packet.

CVE-2012-6060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6060):
  Integer overflow in the dissect_iscsi_pdu function in
  epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x
  before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a
  denial of service (infinite loop) via a malformed packet.

CVE-2012-6059 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6059):
  The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP
  dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an
  incorrect data structure to determine IKEv2 decryption parameters, which
  allows remote attackers to cause a denial of service (application crash) via
  a malformed packet.

CVE-2012-6058 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6058):
  Integer overflow in the dissect_icmpv6 function in
  epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x
  before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a
  denial of service (infinite loop) via a crafted Number of Sources value.

CVE-2012-6057 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6057):
  The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in
  the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type
  for a certain offset value, which allows remote attackers to cause a denial
  of service (integer overflow and infinite loop) via a malformed packet.

CVE-2012-6056 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6056):
  Integer overflow in the dissect_sack_chunk function in
  epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x
  before 1.8.4 allows remote attackers to cause a denial of service (infinite
  loop) via a crafted Duplicate TSN count.

CVE-2012-6055 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6055):
  epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark
  1.8.x before 1.8.4 allows remote attackers to cause a denial of service
  (infinite loop) via a zero value in a sub-type length field.

CVE-2012-6054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6054):
  The dissect_sflow_245_address_type function in
  epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x
  before 1.8.4 does not properly handle length calculations for an invalid IP
  address type, which allows remote attackers to cause a denial of service
  (infinite loop) via a packet that is neither IPv4 nor IPv6.

CVE-2012-6053 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6053):
  epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before
  1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an
  offset value, which allows remote attackers to cause a denial of service
  (infinite loop) via a zero value for this field.

CVE-2012-6052 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6052):
  Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive
  hostname information by reading pcap-ng files.

Comment 10 Raúl Porcel (RETIRED) gentoo-dev

2012-12-15 17:48:00 UTC

alpha/ia64/sparc stable

Comment 11 Sean Amoss (RETIRED) gentoo-dev

2012-12-16 15:50:22 UTC

Thanks, everyone.

GLSA vote: no.

Comment 12 Stefan Behte (RETIRED) gentoo-dev

2012-12-16 21:47:13 UTC

Application crash. Vote: no.
Closing noglsa.